
SKIPDATA default length for SYSZ

Open rth7680 opened this issue 6 years ago • 7 comments

The length of a SystemZ instruction is encoded into the top two bits of the first byte of the instruction. The fact that SYSZ skips exactly two bytes for an unknown instruction is less than ideal, and means that we are then out of sync with the intended instruction stream.

rth7680 avatar May 23 '19 02:05 rth7680

This option is to skip data, with the assumption that we can decode all instructions.

So changing this to 1 byte would fix the problem? Please PR then.

aquynh avatar May 23 '19 02:05 aquynh

There will always be instructions that are new and thus unknown. There are even system specific instructions in use by the Linux kernel which are caught out by this.

rth7680 avatar May 23 '19 03:05 rth7680

Still, if the instruction size is unknown, we should set this to 1, like in the case of x86.

Please provide the Sysz instruction you mentioned, I will look into it.

aquynh avatar May 23 '19 03:05 aquynh

The size is not unknown, it's in the top two bits of the instruction. Examples include:

```
.byte 0xb2, 0x20, 0x00, 0x21              // servc, RRE format, "SCLP service call"
.byte 0xb2, 0x5f, 0x00, 0x30              // chsc, RRE format, "CHSC subchannel present on LPAR"
.byte 0xeb, 0x24, 0x30, 0x00, 0x00, 0xd1  // sic, RSY(a) format. No docs I can find, but Linux uses it.
```

rth7680 avatar May 23 '19 03:05 rth7680
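The length rule described in this thread, worked through as an added example (this is not Capstone's code and not posted by either participant). It derives a SystemZ instruction's size from the top two bits of its first byte, then runs a skipdata-style walk over a constructed byte stream twice: once with the fixed 2-byte skip the issue complains about, once with a length-aware skip. The opcode table is a constructed stand-in for the real disassembler (a handful of real opcodes, with servc, chsc and sic deliberately left out so they come up as unknown), and the sic operands are constructed so that its third byte, 0xf0, looks like the start of a 6-byte instruction.

```python
# Added example (not part of Capstone): derive a SystemZ instruction's length
# from the top two bits of its first byte, then compare a fixed 2-byte skip
# with a length-aware skip on a constructed byte stream.

# z/Architecture encodes the instruction length in bits 0-1 of the first byte:
#   00 -> 2 bytes, 01/10 -> 4 bytes, 11 -> 6 bytes.
def sysz_insn_len(first_byte: int) -> int:
    top = (first_byte >> 6) & 0x3
    return (2, 4, 4, 6)[top]


# Tiny stand-in for the disassembler's opcode tables (constructed for this
# example; real Capstone knows far more). Opcodes are keyed either by the
# first byte alone or, for two-part encodings, by (first byte, second opcode
# byte). servc, chsc and sic from the thread are deliberately absent.
ONE_BYTE_OPCODES = {0x07: "bcr", 0x18: "lr", 0x20: "lpdr", 0x58: "l", 0xf0: "srp"}
TWO_BYTE_OPCODES = {(0xb2, 0x04): "sck", (0xe3, 0x04): "lg", (0xeb, 0x04): "lmg"}


def lookup_opcode(insn: bytes, expected_len: int):
    """Return a mnemonic for a complete instruction, or None if it is unknown."""
    if len(insn) != expected_len:
        return None  # truncated at the end of the buffer
    b0 = insn[0]
    if b0 == 0xb2:
        return TWO_BYTE_OPCODES.get((b0, insn[1]))    # RRE: opcode in bytes 0-1
    if b0 in (0xe3, 0xeb):
        return TWO_BYTE_OPCODES.get((b0, insn[-1]))   # RXY/RSY: opcode in bytes 0 and 5
    return ONE_BYTE_OPCODES.get(b0)


def fixed_skip(buf: bytes, off: int) -> int:
    """The SYSZ skipdata default described in the issue: always 2 bytes."""
    return 2


def length_skip(buf: bytes, off: int) -> int:
    """Skip exactly the length the hardware would use for this instruction."""
    return sysz_insn_len(buf[off])


def walk(buf: bytes, skip_len) -> list:
    """Skipdata-style walk: decode what we can, emit .byte for what we cannot."""
    out, off = [], 0
    while off < len(buf):
        n = sysz_insn_len(buf[off])
        insn = buf[off:off + n]
        mnem = lookup_opcode(insn, n)
        if mnem is None:
            # Never skip past the end of the buffer, even for a 6-byte length.
            skip = min(skip_len(buf, off), len(buf) - off)
            out.append((off, ".byte", buf[off:off + skip].hex()))
            off += skip
        else:
            out.append((off, mnem, insn.hex()))
            off += n
    return out


# Constructed stream: lr; servc (from the thread); sic with %r15 as base so
# its third byte 0xf0 looks like a 6-byte opcode; l; bcr.
SAMPLE = bytes.fromhex(
    "1821"            # lr    %r2,%r1
    "b2200021"        # servc (unknown to the toy table)
    "eb24f0c800d1"    # sic   (unknown; operands constructed)
    "58102000"        # l     %r1,0(%r2)
    "07fe"            # bcr   15,%r14
)

if __name__ == "__main__":
    for name, fn in (("fixed 2-byte skip", fixed_skip), ("length-aware skip", length_skip)):
        print(name)
        for off, mnem, hexbytes in walk(SAMPLE, fn):
            print(f"  {off:3d}: {mnem:6s} {hexbytes}")
```

With the fixed skip, the walk resumes two bytes into sic, misreads 0xf0 as a 6-byte srp that swallows the first half of the following l, then misreads the remaining "20 00" as lpdr; the real l never appears, which is the desync described above. With the length-aware skip, servc and sic each come out as a single .byte line and l decodes at its true offset. Capstone exposes exactly this hook through the cs_opt_skipdata callback, which receives the code buffer, its size, the current offset and a user pointer and returns the number of bytes to skip; returning sysz_insn_len(code[offset]) from that callback gives the behaviour argued for here without waiting for the default to change.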

What if that is actually data?

aquynh avatar May 23 '19 03:05 aquynh

If it's actually data, then we output e.g. 4 bytes on one .byte line instead of two. No data is lost or omitted.

rth7680 avatar May 23 '19 03:05 rth7680

But if it is not data, and we only skip two bytes, then the next instruction we decode will start in the middle of the previous instruction and we are out of sync with the intended instruction stream. This can make it very hard to figure out what happens after the unknown instruction.

rth7680 avatar May 23 '19 03:05 rth7680